diff mbox series

[scarthgap,2/3] ffmpeg: ignore CVE-2025-25469

Message ID 20260202040805.596021-2-ankur.tyagi85@gmail.com
State New
Headers show
Series [scarthgap,1/3] ffmpeg: upgrade 6.1.3 -> 6.1.4 | expand

Commit Message

Ankur Tyagi Feb. 2, 2026, 4:08 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2025-25469

This vulnerability exists in IAMF (Immersive Audio Model and Formats demuxer)
which was introduced in version 7.0 [1]

$ git tag --contains 4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
n7.0
n7.0.1
n7.0.2
n7.0.3
n7.1
n7.1-dev
n7.1.1
n7.1.2
n7.1.3
n7.2-dev
n8.0
n8.0.1
n8.1-dev

[1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
index 8b0b7cfd6e..c1536015d9 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
@@ -51,6 +51,8 @@  CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x"
 CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585"
 CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x"
 
+CVE_STATUS[CVE-2025-25469] = "cpe-incorrect: Current version (6.1.4) is not impacted."
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"